Privacy Policy

Astrologyst AI ("Astrologyst", "we", "our", or "us") is an online platform available at www.astrologyst.com that offers personalised horoscopes, birth-chart analyses and conversational astrological guidance generated with the help of large-language-model providers such as OpenAI, Anthropic, xAI and Google Gemini. The service is operated by Astrologyst Technologies d.o.o., a company incorporated in the Republic of Serbia with its registered office at Kneza Mihaila 12, 11000 Belgrade. Because the very nature of our product involves the processing of information that can identify or relate to an individual—such as birth details, personal questions and account credentials—we are committed to treating that information lawfully, fairly and transparently. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, which security measures we apply, how international transfers are handled, what rights you have and how you can exercise them. The Policy applies to every visitor, registered user and business partner, regardless of place of residence.

When you interact with Astrologyst AI we receive information that you actively provide and information we collect automatically. Data you provide actively includes the name you choose to display, the e-mail address and password you use to register, the date, time and place of birth that are required for astrological calculations, any free-text prompts or questions you type into the chat interface, optional profile pictures, payment details that you submit at checkout and any correspondence you send to our support team. Data collected automatically comprises technical log files, IP addresses, device identifiers, browser type and version, operating-system information, language preference, time-zone setting, pages viewed, the date and time of each request, and the site or campaign that referred you to us. We use cookies and similar technologies to maintain your session, remember your interface settings and compile statistics about how the site is used. We do not intentionally collect government-issued identifiers, health information or precise GPS location, and we ask you not to include such data in the prompts you submit. If you contact us on social-media platforms we will receive the profile information that platform chooses to share with us.

Under Article 6 of the General Data Protection Regulation ("GDPR") we rely primarily on the necessity of processing for the performance of the contract that comes into existence when you create an account and request an astrological reading (Article 6 (1)(b)). Certain activities—such as sending marketing e-mails or placing non-essential cookies—take place only when you have given us your consent (Article 6 (1)(a)). We process some data to comply with legal obligations, for instance Serbian accounting law and EU VAT rules that require us to keep financial records (Article 6 (1)(c)). Very occasionally we may process data to protect a vital interest, for example if we receive information that indicates a risk of self-harm during a support interaction (Article 6 (1)(d)). Finally, we have a legitimate interest in securing and improving our service, preventing fraud, defending legal claims and contacting existing customers about closely related products (Article 6 (1)(f)). For California residents these activities fall within the "business purposes" and "commercial purposes" defined by the California Consumer Privacy Act ("CCPA"). In Canada we follow the consent, accountability and limiting-collection principles laid down by the Personal Information Protection and Electronic Documents Act ("PIPEDA"). We use personal data to authenticate your log-in, generate the astrological output you request, display past readings in your dashboard, provide customer support, process transactions, send administrative notices such as password-reset links or changes to our terms, personalise content, measure and improve the performance of our site, develop new features, enforce our Terms of Service, comply with applicable law, and—only if you have opted in—to send newsletters and special offers.

Astrologyst AI does not sell your personal data and never has. We share it only with trusted third parties who need the information to provide their services to us and who are contractually bound to act solely on our instructions, to apply appropriate security measures and to assist us in honouring your privacy rights. These third parties include cloud-hosting providers (currently Amazon Web Services in the EU-Central-1 region in Frankfurt, Germany), payment processors, e-mail delivery platforms, customer-support software vendors, analytics providers and the artificial-intelligence inference APIs that transform your prompts into natural-language responses. Where required by law we disclose data to competent courts or regulatory authorities, or to professional advisers who are subject to duties of confidentiality. If Astrologyst undergoes a merger, acquisition or asset sale, personal data may be transferred to the acquiring entity, but will remain subject to the promises made in this Policy. We may publish aggregated or irreversibly anonymised statistics—such as the number of daily horoscope requests—because such information can no longer be linked to an individual.

All production servers, primary databases and encrypted off-site backups under our control are located exclusively in the European Union. At the time this Policy is published they are physically situated in AWS data centres in Frankfurt, Germany. However, some of the carefully vetted sub-processors we rely on—particularly certain AI-model providers and global e-mail or support vendors—operate or maintain support staff outside the European Economic Area ("EEA"), the United Kingdom and Switzerland. Whenever personal data leaves those jurisdictions we ensure an adequate level of protection by entering into the Standard Contractual Clauses adopted by the European Commission on 4 June 2021 (Decision 2021/914/EU) and, where required, the UK International Data Transfer Addendum. Transfers are further protected by strong encryption in transit (TLS 1.3) and by rigorous data-minimisation practices that ensure only the strictly necessary pieces of information are sent. Copies of the relevant contractual safeguards can be obtained by writing to privacy@astrologyst.com. For California residents we confirm that such cross-border transfers take place under the "service-provider" provisions of the CCPA, meaning that the receiving party is prohibited from retaining, using or disclosing the personal information for any purpose other than providing the contracted service.

Safeguarding your information is central to our mission. Every connection between your browser or mobile device and our infrastructure is encrypted using Transport Layer Security version 1.3 with forward secrecy; HTTP Strict Transport Security is enabled to prevent downgrade attacks. All data stored on our servers—including database snapshots and file-system backups—is encrypted at rest with the AES-256 algorithm. Passwords are never stored in plaintext; instead they are salted and processed with the Argon2id key-derivation function. Access to production systems is limited to a small group of employees based in the EEA and Serbia, is protected by hardware security keys that implement the FIDO2 standard, and is logged in an immutable audit trail. We carry out regular penetration tests, maintain a documented incident-response plan and monitor our systems around the clock. Should a personal-data breach that is likely to result in a high risk to individuals occur, we will notify both the affected users and the competent supervisory authority without undue delay and, where feasible, within 72 hours as required by Article 33 GDPR. No method of transmission or storage is completely secure, but we constantly review and enhance our defences in line with industry best practice.

We retain personal data only for as long as it is needed for the purposes stated in this Policy. Account information remains in our EU-hosted databases for as long as your account is active and, after you close it, for up to two years so that you can reactivate the account if you wish and so that we can meet our legal, tax and audit obligations. Conversation logs and generated astrological reports are stored for twelve months by default, enabling you to revisit past readings; you may delete any entry at any time via your dashboard, and it will disappear from live systems within 48 hours and from encrypted backups within 30 days. Payment transaction records are retained for ten years as required by Serbian bookkeeping legislation and Article 132 of the EU VAT Directive. We perform periodic reviews of the data we hold and either anonymise or securely erase information that is no longer necessary.

If you reside in the European Economic Area, the United Kingdom or Switzerland, you have the right to obtain confirmation of whether we process your personal data and, if so, access a copy of that data. You have the right to rectify inaccurate or incomplete information, to have your data erased, to restrict or object to its processing, and to receive it in a structured, commonly used, machine-readable format so that you can transmit it to another controller ("data portability"). Whenever processing is based on your consent you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. You also have the right to lodge a complaint with your local supervisory authority; the Serbian authority competent for our headquarters is the Commissioner for Information of Public Importance and Personal Data Protection (https://www.poverenik.rs). California residents are entitled, under the CCPA, to request (i) information about the categories and specific pieces of personal information we have collected, (ii) deletion of that information, and (iii) to opt out of the "sharing" of personal information for cross-context behavioural advertising. We do not discriminate against anyone for exercising these rights. Canadian users enjoy similar rights of access and correction under PIPEDA. To exercise any of these rights, please send an e-mail to privacy@astrologyst.com from the address associated with your account or use the dedicated privacy section in your user profile. We will respond within one month—or within 45 days for CCPA requests—unless the complexity of the request allows us to extend that period as permitted by law. We will verify your identity before fulfilling the request and, where applicable, we will accept requests submitted through an authorised agent.

Astrologyst AI is not directed at children and we do not knowingly collect personal information from anyone under 16 years of age in the EEA or under 13 years of age in the United States. By creating an account you represent that you are at least 18 years old, or that you are between the local age of digital consent and 18 and are using the service under the supervision of a parent or legal guardian who agrees to this Policy. If we learn that we have received personal information from a child in violation of these age limits, we will delete that information immediately. Parents or guardians who believe that their child has provided us with personal data should contact us at privacy@astrologyst.com.

Our website may contain links to third-party sites or social-media plug-ins. Clicking those links or activating those features may allow the operators of those external services to collect data about you. Because we do not control third-party sites and their privacy practices differ from ours, we encourage you to read the privacy notice of every site you visit.

We may update this Policy from time to time to reflect changes in technology, applicable law or our business practices. When we do, we will post the revised version on this page and change the "Last updated" date above. If the changes are material we will notify registered users by e-mail or by an in-app message at least 15 days before the new terms take effect. Continuing to use the service after the effective date constitutes acceptance of the amended Policy.

If you have questions, concerns or complaints regarding this Privacy Policy or our data-handling practices, please contact our Data Protection Officer: Data Protection Officer Astrologyst Technologies d.o.o. Kneza Mihaila 12 11000 Belgrade Republic of Serbia E-mail: privacy@astrologyst.com We value the trust you place in Astrologyst AI and remain fully committed to protecting your privacy while delivering insightful, AI-powered astrology.